Jump to content

Archived

This topic is now archived and is closed to further replies.

germ

SSL Implementation Help

Recommended Posts

If you're just using plain HTML for the link you're losing the osCid. You should be using the osC PHP function tep_href_link function for links within the store.

 

If you are using the PHP functiom my guess would be the cookie settings in the config file are incorrect.

 

Just an FYI - NONE of the links in the source code should have the osCid embedded in them.

 

That's just ASKING for trouble.

>_<


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites

That explains it....thanks.

 

Looks like I now have SSL working on my site... One question.... through the checkout process I go to Pay Pal. On their site the https: is in dark green. Any idea how I can do this in my site when a person clicks to https:????

 

Thanks

 

Rick

Share this post


Link to post
Share on other sites

Well you just uncovered a bug in the code.

:blush:

 

It works on the site I manage flawlessly, but on yours some of the popup windows reload continuously...

:(

 

That would be because the session between HTTP and HTTPS isn't getting shared.

:blink:

 

I'll have to take a look at that.

:wacko:

 

When I get something together codewise would you be able to test it before I upload it as a new version of the contribution?

:unsure:

 

Anyway, using the code files I think I have a solution to your problem.

 

osC isn't recognizing the cue from the server that SSL is "on".

 

In your /includes/application_top.php find this code:

 

// set the type of request (secure or not)
 $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

Change it to:

 

// set the type of request (secure or not)
//  $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';
// added nonstandard code 24-apr-09
 $request_type = ($_SERVER['HTTP_HOST'] == 'plixxcbr.acessoseguro.net') ? 'SSL' : 'NONSSL';

BACKUP THE FILE BEFORE MAKING ANY EDITS.

 

I'll be waiting to hear how things go while I work on a code change to the contribution to prevent continuous page reloads.

;)

 

Hello. I was referred to you from another moderator as the SSL guru. I've read through this whole thread looking for something subtle I may have wrong. I downloaded your scripts and ran them. They don't indicate there is any config problems, but I noticed that the pop-up window continously refreshes. I thought I read that you had fixed a bug in your code (I downloaded the latest) that was causing that. I'm wondering if this is happening because of a problem I may have in my setup. Would you be willing to take a look to see if your trained eye spots something I'm missing?

 

Thanks in advance.

Share this post


Link to post
Share on other sites

The scripts aren't really designed to tell you exactly where the problem is in most cases.

 

They're more tools that I've developed and constructed that enable me to help resolve SSL implementation problems.

 

If you post your URL (or send it to me in a PM) I'll gladly look things over.

:)


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites

That explains it....thanks.

 

Looks like I now have SSL working on my site... One question.... through the checkout process I go to Pay Pal. On their site the https: is in dark green. Any idea how I can do this in my site when a person clicks to https:????

 

Thanks

 

Rick

I have no clue how they do that.


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites

Germ,

 

I'm putting together a explanation of my online security. I just have the basic SSL and found the following wording on the Internet. I would like to use the below wording but wanted to check with you to see if you thought this wording is correct using basic SSL.

"We use Secure Socket Layer (SSL) technology to encrypt your personal information such as User Ids, Passwords, and account information over the Internet. Any information provided to you is scrambled en route and decoded once it reaches your browser." Information you provide via electronic forms on the our website is secure and encrypted in most instances. In other words, it is scrambled en route and decoded once it reaches us. You may check that your web session is secure by looking for a small lock symbol usually located in the lower corner of your web browser window. Current versions of leading web browsers indicate when a web page is encrypted for transmission through this symbol. You may also look for the letters "https://" at the beginning of your website URL in your web browser. The "s" means that the web connection is secure."

 

What do you think? Thanks Rick.AOLWebSuite .AOLPicturesFullSizeLink { height: 1px; width: 1px; overflow: hidden; } .AOLWebSuite a {color:blue; text-decoration: underline; cursor: pointer} .AOLWebSuite a.hsSig {cursor: default}

Share this post


Link to post
Share on other sites

I view my role here as an assistant to site functionality, not content.

:)


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites

Hi germ, I hope you can help me with my problem.

 

Version 1.2

Site: https://web108.secure-secure.co.uk/fashionsense.dk/login.php



Page done!

Base: https://web108.secure-secure.co.uk/fashionsense.dk/


Parsing CSS:
https://web108.secure-secure.co.uk/fashionsense.dk/css/lightbox.css


CSS file done!

https://web108.secure-secure.co.uk/fashionsense.dk//includes/sts_templates/freeosc_060/freeoscommerce_060_stylesheet.css


CSS file done!

https://web108.secure-secure.co.uk/fashionsense.dk/lightbox.css


Unable to open [https://web108.secure-secure.co.uk/fashionsense.dk/lightbox.css]!

 

I have tried to search for a fix, and updated to lightbox2, but didn't make any difference for my SSL.

 

Hope you can help me?

 

 

If it will do any help I have a link to my secure page and a link to the regular to show how the template should look like:

SSL:

https://web108.secure-secure.co.uk/fashionsense.dk/login.php

 

Regular:

http://www.fashionsense.dk/

Share this post


Link to post
Share on other sites

Change this:

 

<link rel="stylesheet" type="text/css" href="/includes/sts_templates/freeosc_060/freeoscommerce_060_stylesheet.css">

to:

 

<link rel="stylesheet" type="text/css" href="includes/sts_templates/freeosc_060/freeoscommerce_060_stylesheet.css">


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites

The link to the logo image at the top of the page has a slash at the beginning that needs removed as well.


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites

Hello everyone,

I just had installed SSL certificate through JustHost, and now I can't get into my website at all...

My website is www.pick-a-bee.com...

Does anyone know what could be the problem?

I've changed the config.php in the three directories: catalog, admin, and local...

Any suggestions?

Thanks!

Allioth

Share this post


Link to post
Share on other sites

It works for me, although this line:

 

<script type="text/javascript" src="http://info.template-help.com/files/ie6_warning/ie6_script_other.js"></script>

 

Is causing the infamous "non secure items" popup in IE on your SSL pages.

 

You can't load images or scripts from HTTP sources on HTTPS pages.


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites

Hi, this is my site: http://www.therpgstore.com

 

When i try: https://www.therpgstore.com none of my internal links are "https", and this is only on my public site, i have no problems with the admin panel.

 

includes/configure.php

 

  define('HTTP_SERVER', 'http://www.therpgstore.com'); // eg, http://localhost - should not be empty for productive servers
 define('HTTPS_SERVER', 'https://www.therpgstore.com'); // eg, https://localhost - should not be empty for productive servers
 define('ENABLE_SSL', 'true'); // secure webserver for checkout procedure?
 define('HTTP_COOKIE_DOMAIN', 'www.therpgstore.com');
 define('HTTPS_COOKIE_DOMAIN', 'therpgstore.com');
 define('HTTP_COOKIE_PATH', '/');
 define('HTTPS_COOKIE_PATH', '/');
 define('DIR_WS_HTTP_CATALOG', '/');
 define('DIR_WS_HTTPS_CATALOG', '/');
 define('DIR_WS_IMAGES', 'images/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_INCLUDES', 'includes/');
 define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
 define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
 define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
 define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
 define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 

Host and SSL: GoDaddy

 

how can i fix this problem? thanks!

Share this post


Link to post
Share on other sites

The only links that are supposed to use SSL are pages where sensitive info is exchanged, login, logout, account info, and all the pages thru the checkout process (covers most of them - I might have missed a few).

 

The only problem I could see off hand was the HTTP links in the code that makes the SWF file run are causing the "non secure items" popup in IE.


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites

The only links that are supposed to use SSL are pages where sensitive info is exchanged, login, logout, account info, and all the pages thru the checkout process (covers most of them - I might have missed a few).

 

The only problem I could see off hand was the HTTP links in the code that makes the SWF file run are causing the "non secure items" popup in IE.

 

Thanks, i already change all the "http" to "https" in the SWF.

 

The real problem is when a user tries to see hes Order History, that box always show "http" links, when the user click there then is getting log out and can't review any buy.

 

therpgstorehttp.th.jpg

 

Thanks.

Share this post


Link to post
Share on other sites

If you click a link and get logged out you're losing the session.

 

In the config file change:

 

  define('HTTPS_COOKIE_DOMAIN', 'therpgstore.com');

 

To this:

 

  define('HTTPS_COOKIE_DOMAIN', 'www.therpgstore.com');


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites

If you click a link and get logged out you're losing the session.

 

In the config file change:

 

  define('HTTPS_COOKIE_DOMAIN', 'therpgstore.com');

 

To this:

 

  define('HTTPS_COOKIE_DOMAIN', 'www.therpgstore.com');

 

Thanks! problem solved :)

Share this post


Link to post
Share on other sites

Another wrinkle in the SSL world. I am having SSL issues, I am with ‘1and1’.

I downloaded the ssl_help zip file. Put the 4 files on the ‘root’ of my oscommerce page (ie under ‘catalog’). When I enter the string:

http://www.zzz.com/ psc/ catalog/ unsecure.php?site=https://site.com (with no spaces)

I get hit with the 404 error. (btw, zzz is not the real name)

My full oscommerce site is located at www.zzz.com/psc/catalog.

I have another name registered at 1and1 that I will use for this site when I get this up and running successfully.

I currently have a ‘come back later’ page at that registered name site.

1and1 has the SSL set to www.zzz.com. I can not get it set to the www.zzz.com/psc/catalog location. not sure if that is the issue.

Any ideas. :rolleyes: Germ, if you would be so kind to PM me, I will send you the real name. I have too much other stuff there.

Thanks Dan55

Share this post


Link to post
Share on other sites

The 1st post in this thread tells you what to change for 1and1 hosting.


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites

How do I change it so my index home page is always just http, not https?

 

I am having a problem when you initially go to the home page it is http, but then when you go to the checkout which is a https page and then you click to go back to the home page it comes up as a https and then the error message comes up about secure and insecure items. If I go from an about us type page that is http and click the home button, the home is http. So what do I need to change to make sure the home page is always http only?

 

Thanks,

bagheera202

Share this post


Link to post
Share on other sites

The correct way to fix this would be to get rid of the "unsecure" items on the index page.

 

You can try this:

 

At the top of /catalog/checkout_success.php change this:

 

    tep_redirect(tep_href_link(FILENAME_DEFAULT, $notify_string));

 

to

 

    tep_redirect(tep_href_link(FILENAME_DEFAULT, $notify_string,'NONSSL'));

 

I'm not 100% sure that will fix the problem.

:blush:

 

If it doesn't, you can PM me the url to your store and I'll help get the "unsecure items" fixed.


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites

Hi, I need your help :(

 

I am trying configure ssl, but it doesnt works correctly, it lost sessions when I go from http to https area and https to http.

 

When I click on my account it login correctly and looks https://....

but when I click on categories, prodcuts... logout and look http...

 

If I add products to cart it works correctly... but.. when I go to https area to login... cart looks empty.

 

I think I have problem with sessions, but i dont know anymore...

 

here my configure.php

// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
 define('HTTP_SERVER', 'http://www.mydomain.com'); // eg, http://localhost - should not be empty for productive servers
 define('HTTPS_SERVER', 'https://www.mydomain.com'); // eg, https://localhost - should not be empty for productive servers
 define('ENABLE_SSL', 'true'); // secure webserver for checkout procedure?
 define('HTTP_COOKIE_DOMAIN', 'www.mydomain.com');
 define('HTTPS_COOKIE_DOMAIN', 'www.mydomain.com');
 define('HTTP_COOKIE_PATH', '/');
 define('HTTPS_COOKIE_PATH', '/'); 
 define('DIR_WS_HTTP_CATALOG', '/');
 define('DIR_WS_HTTPS_CATALOG', '/');
 define('DIR_WS_IMAGES', 'images/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_INCLUDES', 'includes/');
 define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
 define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
 define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
 define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
 define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');
 define('DIR_FS_CATALOG', dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']));
 define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
 define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

// define our database connection
 define('DB_SERVER', 'localhost'); // eg, localhost - should not be empty for productive servers
 define('DB_SERVER_USERNAME', '********');
 define('DB_SERVER_PASSWORD', '*******');
 define('DB_DATABASE', '******');
 define('USE_PCONNECT', 'false'); // use persistent connections?
 define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql'
?>

 

Thanks for all and sorry for my english.

Share this post


Link to post
Share on other sites

I don't see anything that looks misconfigured.

 

Unless you want to post your URL (or PM it to me) so I can click around the site and see just what's going on there isn't much I can do.

 

Even then I might not be able to offer corrective action - all I can promise it that I'll try.


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites

Hi there, I have recently purchased an SSL and am having some problems configuring it. As far as i can tell it is installed correctly through cpanel and i have made the required changes to configuration file. I have tried all suggestions for application top with no success. I have installed the contribution but with my limited knowledge are at a loss as to interpreting the results. If someone could take a look i would be most greatful, my site is at www.welshsuperstore.co.uk

 

thank you in anticipation,

regards, dthos

Share this post


Link to post
Share on other sites

×